v4.10.1

4.10.1 (2026-01-30)

Bug Fixes

• improve NX caching (#11434) (922f9ad), closes /github.com/nrwl/nx/issues/33379#issuecomment-3657929455 /github.com/nrwl/nx/issues/6821#issuecomment-1309475504
• use versioned openapi protoc plugin for docs and console (#11423) (c56f509)

v4.10.0

4.10.0 (2026-01-23)

⚠️ There was an issue in the build pipeline and the "SMS country code selector to SMS OTP (LoginV1)" was not correctly built.
Please use v4.10.1 if you rely on the new feature.

Bug Fixes

• api: correctly handle organization_id on creation (#11396) (2f909ff), closes #11269
• login v1: only check password expiry for local users with password (#11344) (7eb3bd5)
• login: passkey reauth (#11365) (11630c5)
• login: prevent eventual consistency issues on /password/change, missing permissions (#11371) (56bd6d9), closes #11345
• login: use constructUrl for implicit IdP success/failure URLs (#11389) (d3321c8), closes #11386

Features

• Add SMS country code selector to SMS OTP (LoginV1) (#11373) (8968dbe), closes #8891
• api: allow filtering apps by client id and entity id (#11385) (b4cecc8), closes #11340
• cmd: skip privileged database commands during initialization if objects already present (#11021) (0d8c8d2), closes #10730
• i18n: add Arabic language support (#11161) (4ff4526), closes #11146

v4.9.2

4.9.2 (2026-01-22)

Bug Fixes

• features: increment version to deal with removed event types (#11402) (c5b0339)

v3.4.6

3.4.6 (2026-01-15)

This release also fixes the potential issue noted in v3.4.5.

Bug Fixes

• fields: sync membership roles from projections (#11178) (633a7fc)
• login: generalize error message on code verifications (0bb00dd)
• setup: member role synchronization execution check (#11180) (4834aa2)

v4.9.1

4.9.1 (2026-01-14)

Bug Fixes

• allow for the smtp-config to have no password set. (#11193) (6ff1211), closes #11084
• api: implement missing filters on ListAdministrators endpoint (#11319) (e680bde)
• cmd/build: populate date variable when not set through ldflags (#11316) (4ed8bc1)
• login v1: handle automatic re-auth using id_token_hint properly (#11326) (4746c22)
• login: correctly redirect to /password when ignoreUnknownUsername is set (#11130) (c300d4c), closes #11006
• login: generalize error message on code verifications (b85ab69)
• login: use onChange instead of onBlur with react-hook-form (#11354) (3af3953)

v4.9.0

4.9.0 (2026-01-06)

Bug Fixes

• action: execute without features set (#11271) (fa203cc)
• i18n: fix typos in MustBeMemoryOfOrg strings (#11085) (3edb3ef)
• id token had no lifetime for client credentials (#11204) (0553937), closes #11060
• inconsistent user creation v2 radio buttons #11092 (#11208) (3763ca5)
• login: cleanup server logs (#11195) (b58ba71), closes #11184
• login: delete custom request headers when their value is empty (#11263) (fdb8687)
• login: enable explicit IDP linking using existing session id (#11225) (776ccb6), closes #11191
• typo in setting LoginPolicy.IgnoreUnknownUsernames config (#11243) (0aa1e1e)

Features

• Add recovery code MFA support (#9954) (eeae2c6), closes #6898
• i18n: add Ukrainian language support (#10696) (bb38045)
• languages: add French localization (#11050) (3943619)
• login: Add Dutch (nl) locale (#11139) (84ea6d2)

v4.8.1

4.8.1 (2026-01-05)

Bug Fixes

• email: accept SMTPUTF8 addresses (#11115) (10a24db)

v4.8.0

4.8.0 (2025-12-30)

Features

• action v2: add JWT and JWE payload type options (#11196) (91b95bb), closes #11061

v4.7.6

4.7.6 (2025-12-17)

Bug Fixes

• login v1: update password verification handling (#11202) (6d6e96c)
• update pnpm, react, react-dom (#11197) (de16094), closes #11192

v4.7.5

4.7.5 (2025-12-12)

Bug Fixes

• [CVE-2025-55182] [CVE-2025-66478] Quick update react and Nextjs for #11140 (#11143) (bf8eb70)
• login: CVE-2025-55184 and CVE-2025-55183, update next (#11179) (1b8476a)